Abstract

We study pushdown systems where control states, stack alphabet, and transition relation, instead
of being finite, are first-order definable in a fixed countably-infinite structure. We show that the
reachability analysis can be addressed with the well-known saturation technique for the wide class
of oligomorphic structures. Moreover, for the more restrictive homogeneous structures, we are
able to give concrete complexity upper bounds. We show ample applicability of our technique
by presenting several concrete examples of homogeneous structures, subsuming, with optimal
complexity, known results from the literature. We show that infinitely many such examples of
homogeneous structures can be obtained with the classical wreath product construction.
1 Introduction


Context. Pushdown automata (PDS) are a well-known model of recursive programs, with
applications in areas as diverse as language processing, data-flow analysis, security,
computational biology, and program verification. Many interesting analyses reduce to checking
reachability in the infinite configuration graph generated by a PDS, which can be done
in PTIME with the popular saturation algorithm (cf. also the recent survey).
Saturation shows a slightly more general property of PDS graphs, which is sometimes called
effective preservation of regularity: For a regular set of target configurations of a given PDS,
the set of all configurations which can reach the target in a finite number of steps is effectively
regular too. The preservation is effective in the sense that there exists a procedure which
produces, from an NFA recognizing the target set, an NFA recognizing the predecessors. This
is a central theoretical result in the analysis of PDS, with immediate practical applications
as demonstrated by the prominent tool MOPED. Therefore, it is of interest to extend
this conceptually simple and yet powerful method to more general settings.

Several generalizations of the pushdown structure yielding PDS-like models admitting
effective preservation of regularity are known, e.g., tree-pushdown systems, ordered
multi-pushdown systems, annotated higher-order pushdown systems, and
strongly normed multi-pushdown systems. In this paper, instead of generalizing the
pushdown structure itself, we generalize the contents of the pushdown, by allowing the
pushdown symbols to be drawn from an infinite set. Our model is parametric in the choice
of a countably-infinite logical structure A, called atoms. We introduce and study first-order
definable pushdown systems (FO-definable PDS) over A, which are like usual PDS, except
that control locations, stack alphabet, and transition relation are FO-definable sets over A,
instead of ordinary finite sets. Thus, we do not invent a new model, but we reinterpret the
classical model in a new setting. This covers ordinary PDS as a special case, and allows
the study of non-trivial yet decidable classes of PDS over infinite alphabets. For instance,
by taking A to be equality atoms (D, =), i.e., a countably-infinite set D where only equality
testing is allowed, we obtain (and slightly generalize) pushdown register automata.

Contributions and organization. The technical results of this paper and its structure are
as follows. In Sec. we recall the setting of FO-definable sets, FO-definable relations, and
FO-definable NFA. In Sec. we introduce FO-definable PDS. This is done by reinterpreting
the classical model in the FO-definable framework. Our approach has the advantage that we
do not need to define a new model. Instead, we reinterpret the classical model in a generic
logical framework. In Sec. we consider oligomorphic atoms^ with a decidable first-order
theory, and we show effective preservation of regularity for the backward reachability relation
of configuration graphs of FO-definable PDS. This is obtained via a symbolic implementation
of the classical saturation method, which comes along with a simple proof of correctness. In
Sec. we provide an upper complexity bound in the special case of homogeneous atoms,
and in particular an ExpTime bound in the case of tractable homogeneous atoms, matching
the known ExpTime-hardness for equality atoms from [26]. In Sec. we provide many
interesting examples of tractable homogeneous atoms for which we can apply our results,
including equality atoms [26] (as remarked above), but also: total order atoms (Q, <), which
can be used for modeling densely-ordered data values; equivalence atoms (D, R), where R
is an equivalence relation of infinite index s.t. each equivalence class is infinite, which can
be used to model nested data values; universal tree atoms, which can be used to model
dynamic topologies of concurrent programs with process creation and termination; as well
as other structures, such as universal partial order atoms, universal tournament atoms, and
universal graph atoms. In the same section, we also show that the classic wreath product
construction can be used to generate infinitely many new tractable examples from previous
ones. Our logical approach has the advantage of highlighting the general principle behind
decidability, and we can thus prove correctness once and for all for all structures satisfying
the mild assumptions above. As a byproduct, we also obtain tight complexity results for
PDS over natural classes of infinite alphabets. Infinitely many such natural structures can be
found by using the wreath product construction. In Sec. we conclude with some directions
for future work.

2 Preliminaries

Sets with atoms. Let A be a countably-infinite logical structure with finite vocabulary. An
element of the structure we call atom, and the whole structure we call atoms. Examples of
atoms are equality atoms (D, =), i.e., an arbitrary countable infinite set D with equality, and
total order atoms (Q, <), i.e., the rationals with the dense order. More examples of atoms
will be discussed in Sec. In the study of atoms, the group Aut(A) of automorphisms^ of A
plays a central role. For instance, automorphisms of equality atoms are all permutations of D,
and automorphisms of total order atoms are monotonic permutations of Q. By using atoms,
we can build sets containing either previously built sets, or atoms themselves. For example,
we build tuples $A^n$ of fixed length, or disjoint unions thereof. On such sets, we will consider
the natural action of Aut(A), which renames atoms while keeping intact the remaining
structure. For instance, on tuples of atoms the natural action is the point-wise renaming: for
$\pi \in \mathrm{Aut}(A)$ and $a_1, \ldots, a_n \in A$, $\pi(a_1, \ldots, a_n) = (\pi(a_1), \ldots, \pi(a_n))$. Similarly, on disjoint
unions the action is component-wise. The action induces the notion of orbit, which is the
set of elements that can be reached via renaming, i.e., $\mathrm{orbit}(e) = \{\pi(e) \mid \pi \in \mathrm{Aut}(A)\}$. The
sets in the sequel will always be equivariant, i.e., invariant under action of automorphisms^.
Every orbit is equivariant by definition, and every equivariant set is a disjoint union of
orbits. For instance, in total order atoms (Q, <), the set is the disjoint union of 3
orbits, $\{(q, q') \mid q < q'\}$, $\{(q, q') \mid q = q'\}$, and $\{(q, q') \mid q > q'\}$; and l±l is the disjoint
union of 16 orbits. A central notion is that of orbit-finite sets, which are finite unions of
orbits (as opposed to arbitrary unions). Intuitively, an orbit-finite set has only finitely many
elements up to renaming by atom automorphisms. Orbit-finiteness generalizes finiteness,
and a substantial portion of results from automata theory carry over to the more general
orbit-finite setting [S]. This paper can be seen as such a case study for the specific case
of pushdown automata. For the sake of concreteness, we restrict in the rest of the paper
to FO-definable sets, to be defined now; we only note that the results of this paper can be
straightforwardly generalized to all orbit-finite sets with atoms.

^ A structure A is oligomorphic if for every n, the product $A^n$ is orbit-finite.

^ An automorphism is a bijection of atoms that preserves all relations from the vocabulary.

FO-definable sets. Fix a structure A over a finite vocabulary. We describe infinite sets
symbolically using first-order logic over the vocabulary of A, which we assume to always
include the equality relation =. A first-order formula $\varphi(\bar{x})$ (where we explicitly list all
free variables according to an implicit order) with $n \geq 1$ free variables defines the subset
$[\varphi] \subseteq A^n$ of tuples that satisfy $\varphi$, i.e., $[\varphi] = \{\bar{a} \in A^n \mid (\bar{x} \mapsto \bar{a}) \models \varphi\}$. This set is always
equivariant, since a formula can only compare atoms by using symbols from the signature,
and automorphisms by definition respect this signature. The dimension of $[\varphi]$ is the number
$n \geq 1$ of free variables of $\varphi$, denoted by $\dim \varphi$. We also allow the tautologically true formula
$\varphi = (\forall x \cdot x = x)$; by convention, we take $\dim \varphi = 0$ and $[\varphi]$ is a singleton (for a fixed atom
in A). An FO-definable set X over A is a finite indexed union of such sets, i.e.,

$$X = \bigcup_{\ell \in L} \{\ell\} \times [\varphi_\ell], \quad \text{where } L \text{ is a finite index set.}$$

When we want to omit the formal indexing, we just write X as the finite disjoint union
Since FO-definable sets are unions of equivariant sets, they are equivariant too.
When $\dim \varphi_\ell = 0$ for every $\ell \in L$, then X is finite and has the same number of elements as
L. Thus, FO-definable sets generalize finite sets.

We use FO-definable sets for control locations and alphabets of automata. In the former
case, an index $\ell \in L$ may be understood as a control location, and a tuple $\bar{a} \in A^n$ as a
valuation of n registers. Under this intuition, $\varphi_\ell$ is an invariant that constrains register
valuations in a control location $\ell$. We do not assume that all component sets $[\varphi_\ell]$ have the
same dimension, i.e., the number of registers may vary from one control location to another.

^ More generally, one can consider finitely supported sets. A set is supported by $S \subseteq A$ if it is invariant
under automorphisms that preserve elements of S. The results of this paper can be straightforwardly
generalized to finitely supported sets.

FO-definable relations. Along the same lines, we define FO-definable binary relations.
Consider two FO-definable sets $X = \biguplus_{\ell \in L} [\varphi_\ell]$ and $Y = \biguplus_{k \in K} [\psi_k]$. An FO-definable relation
$R \subseteq X \times Y$ is an FO-definable set R where the indexing set is the Cartesian
product $L \times K$, and every component set, indexed by $(\ell, k)$, is contained in $[\varphi_\ell] \times [\psi_k]$. In particular,
the dimension of the component indexed by $(\ell, k)$ is $\dim \varphi_\ell + \dim \psi_k$. Relations of greater arities can be obtained by iterating the
construction above. We use FO-definable relations to define transition relations of automata.
The formula indexed by $(\ell, k)$ may be understood as a constraint on a transition from control location $\ell$ to
control location k, prescribing how a valuation of registers in $\ell$ before the transition relates
to a valuation of registers in k after the transition.


FO-definable NFA. As an example application of FO-definable sets and relations, we define
FO-definable NFA. This model will be used later to recognize regular sets of configurations
of FO-definable PDS, also defined later. A classical NFA is a tuple $\mathcal{A} = (\Gamma, Q, F, \delta)$,
where $\Gamma$ is a finite input alphabet, Q is a finite set of states, of which those in $F \subseteq Q$
are the final ones, and $\delta \subseteq Q \times \Gamma \times Q$ is the transition relation. Once an initial state
is chosen, the definitions of run, accepting run, and language $L(\mathcal{A})$ recognized by $\mathcal{A}$ are
standard. By simply replacing “finite” with “FO-definable” in the definition above, we
obtain FO-definable NFA. To fix notation, an FO-definable NFA will be written as a tuple

$$\mathcal{A} = \Big(\Gamma = \biguplus_{k \in K} [\varphi_k],\ Q = \biguplus_{\ell \in L} [\psi_\ell],\ F = \biguplus_{\ell \in L} [\psi^F_\ell],\ \delta = \biguplus_{\ell, \ell' \in L,\, k \in K} [\delta_{\ell k \ell'}]\Big);$$

w.l.o.g. we assume that Q and F have the same index set L. Notice that $\delta$ is an FO-definable set,
while $\delta_{\ell k \ell'}$ is a first-order formula.

► Example 1. Let A be the total order atoms $(\mathbb{Q}, <)$, and let the alphabet be $\Gamma = \{k\} \times \mathbb{Q}$.
Consider the language $M = \{(k, a_1) \cdots (k, a_{2n+1}) \in \Gamma^* \mid a_1 > a_2 < a_3 > \cdots < a_{2n+1}\}$ of
non-empty finite words of odd length of alternating growth. This language can be recognized
from state $\ell_I$ by the NFA

$$\mathcal{A} = \Big(\Gamma,\ Q = \{\ell_I\} \cup \{\ell_0\} \times \mathbb{Q} \cup \{\ell_1\} \times \mathbb{Q},\ F = \{\ell_0\} \times \mathbb{Q},\ \delta = \biguplus [\delta_{\ell k \ell'}]\Big).$$

The initial location $\ell_I$ does not contain any register, while control locations $\ell_0, \ell_1$ both contain
one register, which is used to guess the next input symbol and to ensure the right ordering.
Formally, $\delta_{\ell_I k \ell_0}(\,, y, x') = (x' < y)$ (we use the notation $\delta_{\ell_I k \ell_0}(\,, y, x')$ to emphasize that $\ell_I$ does
not have any register), $\delta_{\ell_0 k \ell_1}(x, y, x') = (x = y \wedge x' > y)$, $\delta_{\ell_1 k \ell_0}(x, y, x') = (x = y \wedge x' < y)$,
and $[\delta_{\ell k \ell'}] = \emptyset$ for the other cases.


3 First-order definable pushdown systems


In this section we define FO-definable PDS and their reachability problem. According to the
classical definition, a pushdown system (PDS) $\mathcal{P} = (\Gamma, P, \rho)$ consists of a finite stack alphabet
$\Gamma$, a finite set of control states P, and a finite set of transition rules $\rho = \rho^{\mathrm{push}} \cup \rho^{\mathrm{pop}}$, which is
partitioned into push rules $\rho^{\mathrm{push}} \subseteq P \times \Gamma \times P \times \Gamma \times \Gamma$ and pop rules $\rho^{\mathrm{pop}} \subseteq P \times \Gamma \times P$. In
this paper, we reinterpret this definition in the setting of FO-definable sets, which yields a
more general model. For an atom structure A, FO-definable PDS over A are obtained by
replacing “finite set” with “FO-definable set” in the classical definition. To fix notation, an
FO-definable PDS is a tuple

$$\mathcal{P} = \Big(\Gamma = \biguplus_{k \in K} [\varphi_k],\ P = \biguplus_{\ell \in L} [\psi_\ell],\ \rho = \rho^{\mathrm{push}} \cup \rho^{\mathrm{pop}}\Big),$$

where $\rho^{\mathrm{push}} = \biguplus_{\ell, \ell' \in L,\, k, k', k'' \in K} [\rho^{\mathrm{push}}_{\ell k \ell' k' k''}]$ and $\rho^{\mathrm{pop}} = \biguplus_{\ell, \ell' \in L,\, k \in K} [\rho^{\mathrm{pop}}_{\ell k \ell'}]$. As in the classical
case, an FO-definable PDS induces an infinite transition system $(\mathcal{C}, \to)$, where the set of
configurations is $\mathcal{C} = P \times \Gamma^*$, and there is a transition $c \to d$ between two configurations
$c = (q, aw)$ and $d = (q', w')$ if, and only if, either there exists a push rule $(q, a, q', b, c) \in \rho^{\mathrm{push}}$
s.t. $w' = bcw$, or there exists a pop rule $(q, a, q') \in \rho^{\mathrm{pop}}$ s.t. $w = w'$. Let $\to^*$ be the reflexive
and transitive closure of $\to$. For a set C of configurations, the backward reachability set of
C, denoted $\mathrm{Reach}^{-1}_{\mathcal{P}}(C)$, is the set of configurations that can reach some configuration in C:

$$\mathrm{Reach}^{-1}_{\mathcal{P}}(C) = \{c \in \mathcal{C} \mid c \to^* d \text{ for some } d \in C\}.$$

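► Example 2. We define an FO-definable PDS $\mathcal{P}$ over total order atoms $(\mathbb{Q}, <)$ which
constructs strictly monotonic stacks, the maximal element being on the top of the stack. Let
$\mathcal{P} = (\Gamma = \{k\} \times \mathbb{Q},\ P = \{\ell_I\},\ \rho = \rho^{\mathrm{push}})$, where $\rho^{\mathrm{push}}_{\ell_I k \ell_I k k}(\,, y, \,, y', y'') = (y < y' \wedge y'' = y)$.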

This paper concentrates on the reachability analysis for FO-definable PDS. Given an
FO-definable PDS $\mathcal{P} = (\Gamma, P, \rho)$, two control locations $p, q \in P$, and a stack symbol $\bot \in \Gamma$,
the reachability problem asks whether $(p, \bot) \in \mathrm{Reach}^{-1}_{\mathcal{P}}(\{q\} \times \Gamma^*)$. We start with stack $\bot$ and
we ignore the stack at the end of the computation. More general analyses can be considered
by imposing regular constraints on the initial and final stack contents. These easily reduce
to reachability of a regular set of configurations, which is the problem considered in the next
section.

4 Preservation of regularity I: Oligomorphic atoms

We solve the reachability problem as a corollary of a general effective preservation of regularity
result for the backward reachability relation of FO-definable PDS. To this end, we use
FO-definable NFA to describe regular sets of configurations. In the following, fix an FO-definable
PDS $\mathcal{P} = (\Gamma, P, \rho)$, and an FO-definable NFA $\mathcal{A} = (\Gamma, Q, F, \delta)$ s.t. $P \subseteq Q$. The NFA $\mathcal{A}$
recognizes the following language $\mathcal{L}_{\mathcal{P}}(\mathcal{A})$ of configurations of $\mathcal{P}$,

$$\mathcal{L}_{\mathcal{P}}(\mathcal{A}) = \{(p, w) \in P \times \Gamma^* \mid \mathcal{A} \text{ accepts } w \text{ from state } p\}.$$

Such sets of configurations of $\mathcal{P}$ we call regular. We assume w.l.o.g. that states of $\mathcal{A}$ that
belong to P do not have incoming transitions, i.e. $\delta \subseteq Q \times \Gamma \times (Q \setminus P)$.

► Example 3. Recall the FO-definable PDS $\mathcal{P}$ from Example building strictly monotonic
stacks (maximal element on top). Let N be the following set of configurations

$$N = \{(\ell_I, (k, a_1) \cdots (k, a_{2n+1})) \in P \times \Gamma^* \mid a_1 > a_2 < a_3 > \cdots < a_{2n+1}\}.$$

This set is regular, and it is recognized by the NFA $\mathcal{A}$ from Example, i.e., $\mathcal{L}_{\mathcal{P}}(\mathcal{A}) = N$.
The backward reachability set is

$$\mathrm{Reach}^{-1}_{\mathcal{P}}(N) = N \cup \{(\ell_I, (k, a_2) \cdots (k, a_{2n+1})) \in P \times \Gamma^* \mid a_2 < a_3 > \cdots < a_{2n+1}\}.$$

We will see below how to compute an FO-definable NFA recognizing $\mathrm{Reach}^{-1}_{\mathcal{P}}(N)$.


^ We could have also considered push rules which do not read the top of the stack, i.e., of the form
$\rho^{\mathrm{push}} = \biguplus_{\ell, \ell' \in L,\, k \in K} [\rho^{\mathrm{push}}_{\ell \ell' k}]$. However, these would introduce ε-transitions during our saturation
procedure in Sec. which we want to avoid for simplicity.
We solve the reachability problem for PDS over oligomorphic atoms^. Oligomorphicity
is an important notion in model theory. Formally, a structure is oligomorphic if, and
only if, for every $n \in \mathbb{N}$, the set $A^n$ is orbit-finite. Not all structures are oligomorphic, as
shown in the following example.

► Remark (Timed atoms). Timed atoms $(\mathbb{Q}, <, +1)$ is a well-known example of non-oligomorphic
structure. They extend total order atoms $(\mathbb{Q}, <)$ with the successor relation $(+1) \subseteq \mathbb{Q} \times \mathbb{Q}$.
Automorphisms of timed atoms are monotone bijections $\pi$ of $\mathbb{Q}$ that preserve unit intervals,
i.e., $\pi(x + 1) = \pi(x) + 1$. To see why timed atoms are non-oligomorphic, it suffices to see
that already has infinitely-many orbits. Indeed, for each $z \in \mathbb{Z}$, has a disjoint orbit
$\{(x, y) \mid x - y = z\}$. (Since automorphisms preserve unit intervals, they preserve all
integer distances.) Working in non-oligomorphic structures like timed atoms requires the
use of specialized techniques, and the generic algorithm presented in this section does not
terminate. We have thoroughly studied the reachability problem for FO-definable pushdown
systems and automata over timed atoms in [13].

Since oligomorphic atoms are very general, we can merely state decidability of the 
reachability problem, without any complexity bounds. The only additional assumption that 
we require is decidability of the first-order satisfiability problem in the structure A, which 
asks, given a first-order formula $\varphi(x_1, \ldots, x_n)$, whether some valuation $\eta : \{x_1, \ldots, x_n\} \to A$
of its free variables satisfies $\varphi$.

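► Theorem 4. Let A be an oligomorphic structure with a decidable first-order satisfiability
problem. For FO-definable PDS $\mathcal{P}$ over A and an FO-definable NFA $\mathcal{A}$ over A recognizing a
regular set of configurations $\mathcal{L}_{\mathcal{P}}(\mathcal{A})$, one can effectively construct an FO-definable NFA $\mathcal{B}$
over A recognizing $\mathcal{L}_{\mathcal{P}}(\mathcal{B}) = \mathrm{Reach}^{-1}_{\mathcal{P}}(\mathcal{L}_{\mathcal{P}}(\mathcal{A}))$.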

We prove Theorem by using the classical saturation technique. We first describe a
simple abstract algorithm manipulating infinite sets of transitions, and then we show how
this can be implemented symbolically at the level of formulas. As in the classical case, the
FO-definable NFA $\mathcal{B}$ which is computed by the algorithm is of the form $(\Gamma, Q, F, \delta')$ with
$\delta \subseteq \delta'$, i.e., it is obtained by adding certain transitions to $\mathcal{A}$. For any relation $\alpha \subseteq Q \times \Gamma \times Q$,
let $\mathrm{forced}(\alpha) \subseteq Q \times \Gamma \times Q$ be the following set of triples:

$$\mathrm{forced}(\alpha) = \{(q, a, q') \mid \exists (q, a, q'', b, c) \in \rho^{\mathrm{push}},\ \exists (q'', b, q''') \in \alpha,\ \exists (q''', c, q') \in \alpha\}.$$

The abstract saturation algorithm is shown in Fig. The algorithm is partially correct
for every structure A (even though it might not terminate). This follows directly from the
observation that the saturated NFA $\mathcal{B}$ has a transition $(q, a, q') \in \delta'$ between states $q, q' \in P$
of $\mathcal{P}$ if, and only if, $\mathcal{P}$ admits a run $(q, a) \to^* (q', \varepsilon)$ (we use here the assumption that no
transition of $\mathcal{A}$ ends in a state $q \in P$ of $\mathcal{P}$). However, on arbitrary structures saturation does
not terminate, either because the inclusion checking on line (3) is not decidable, or because it
never actually holds. The first issue is addressed by the requirement that A has a decidable
first-order satisfiability problem, and the second one by the fact that A is an oligomorphic
structure.


^ One could also consider PDS defined by general prefix rewriting, i.e., with transitions in
$\rho \subseteq P \times \Gamma^* \times P \times \Gamma^*$. For oligomorphic atoms, our simplified push/pop model can simulate prefix rewriting while
preserving reachability properties (but not configuration graph isomorphism, or even bisimilarity), like
in the classical case.
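(0) $\delta' := \delta \cup \rho^{\mathrm{pop}}$
(1) repeat
(2)     $\delta' := \delta' \cup \mathrm{forced}(\delta')$
(3) until $\mathrm{forced}(\delta') \subseteq \delta'$

Figure 1 Abstract saturation algorithm.

INPUT: an FO-definable PDS $\mathcal{P} = (\Gamma = \biguplus_{k} [\varphi_k],\ P = \biguplus_{\ell} [\psi^P_\ell],\ \rho^{\mathrm{push}} \cup \rho^{\mathrm{pop}})$, with
$\rho^{\mathrm{push}} = \biguplus_{\ell k \ell' k' k''} [\rho^{\mathrm{push}}_{\ell k \ell' k' k''}]$, $\rho^{\mathrm{pop}} = \biguplus_{\ell k \ell'} [\rho^{\mathrm{pop}}_{\ell k \ell'}]$, and an FO-definable NFA
$\mathcal{A} = (\Gamma,\ Q = \biguplus_{\ell} [\psi^Q_\ell],\ \delta = \biguplus_{\ell k \ell'} [\delta_{\ell k \ell'}])$, with $[\psi^P_\ell] \subseteq [\psi^Q_\ell]$, for every $\ell \in L$.

(0) for every $\ell, k, \ell'$: $\delta'_{\ell k \ell'}(\bar{x}, \bar{y}, \bar{x}') := \delta_{\ell k \ell'}(\bar{x}, \bar{y}, \bar{x}') \vee \rho^{\mathrm{pop}}_{\ell k \ell'}(\bar{x}, \bar{y}, \bar{x}')$
(1) repeat
(2)     for every $\ell, k, \ell'$: $\delta'_{\ell k \ell'}(\bar{x}, \bar{y}, \bar{x}') := \delta'_{\ell k \ell'}(\bar{x}, \bar{y}, \bar{x}') \vee \mathrm{forced}(\delta')_{\ell k \ell'}(\bar{x}, \bar{y}, \bar{x}')$
(3) until $\bigwedge_{\ell, k, \ell'} \big(\forall \bar{x}, \bar{y}, \bar{x}' \cdot \mathrm{forced}(\delta')_{\ell k \ell'}(\bar{x}, \bar{y}, \bar{x}') \implies \delta'_{\ell k \ell'}(\bar{x}, \bar{y}, \bar{x}')\big)$

Figure 2 Concrete saturation algorithm; $\ell, \ell'$ range over L, and k ranges over K.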


We implement the abstract algorithm from Fig. symbolically, by manipulating formulas
instead of actual transitions. We assume w.l.o.g. that the index set of P (the control locations
of $\mathcal{P}$) is the same as the index set of Q (the states of $\mathcal{A}$). First, notice that the set $\mathrm{forced}(\alpha)$
is FO-definable whenever $\alpha$ is so, since it can be expressed as follows:

$$\mathrm{forced}(\alpha)_{\ell k \ell'}(\bar{x}, \bar{y}, \bar{x}') := \bigvee_{\ell'', \ell''' \in L,\ k', k'' \in K} \exists \bar{x}'', \bar{y}', \bar{y}'', \bar{x}''' \cdot \rho^{\mathrm{push}}_{\ell k \ell'' k' k''}(\bar{x}, \bar{y}, \bar{x}'', \bar{y}', \bar{y}'') \wedge \alpha_{\ell'' k' \ell'''}(\bar{x}'', \bar{y}', \bar{x}''') \wedge \alpha_{\ell''' k'' \ell'}(\bar{x}''', \bar{y}'', \bar{x}'),$$

where L is the index set of Q, and K is the index set of $\Gamma$. Steps (0) (initialization of $\delta'$)
and (2) (update of $\delta'$) of the algorithm are implemented by disjunction of FO-definable sets,
therefore at each stage of the algorithm $\delta'$ is an FO-definable set, and thus an equivariant set
(i.e., a union of orbits). The test (3) is computable whenever first-order satisfiability is so. We
obtain the concrete algorithm in Fig. Termination is guaranteed since A is oligomorphic,
which implies orbit-finiteness of $Q \times \Gamma \times Q$. Indeed, $\delta'$ is always a union of orbits at every
stage, and therefore at least one orbit is added to $\delta'$ at every iteration.


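► Example 5. We apply the concrete saturation algorithm to the PDS $\mathcal{P}$ and NFA $\mathcal{A}$ from
Example. Recall that $\mathcal{P} = (\Gamma = \{k\} \times \mathbb{Q},\ P = \{\ell_I\},\ \rho = \rho^{\mathrm{push}})$, with
$\rho^{\mathrm{push}}_{\ell_I k \ell_I k k}(\,, y, \,, y', y'') = (y < y' \wedge y'' = y)$, and
$\mathcal{A} = (\Gamma,\ Q = \{\ell_I\} \cup \{\ell_0, \ell_1\} \times \mathbb{Q},\ F = \{\ell_0\} \times \mathbb{Q},\ \delta)$, with $\delta_{\ell_I k \ell_0}(\,, y, x') = (x' < y)$,
$\delta_{\ell_0 k \ell_1}(x, y, x') = (x = y \wedge x' > y)$, $\delta_{\ell_1 k \ell_0}(x, y, x') = (x = y \wedge x' < y)$ (omitting the trivial cases).
For the first iteration, let $\delta^0 := \delta$. We compute $\mathrm{forced}(\delta^0)$, for which the only nontrivial case is

$$\mathrm{forced}(\delta^0)_{\ell_I k \ell_1}(\,, y, x') = \exists y', y'', x''' \cdot \rho^{\mathrm{push}}_{\ell_I k \ell_I k k}(\,, y, \,, y', y'') \wedge \delta^0_{\ell_I k \ell_0}(\,, y', x''') \wedge \delta^0_{\ell_0 k \ell_1}(x''', y'', x'),$$

which equals

$$\exists y', y'', x''' \cdot (y < y' \wedge y'' = y) \wedge (x''' < y') \wedge (x''' = y'' \wedge x' > y'').$$

By removing quantifiers (thanks to the density of $\mathbb{Q}$), the former is equivalent to $x' > y$.
Therefore, $\delta^1$ extends $\delta^0$ with the new transition $\delta^1_{\ell_I k \ell_1}(\,, y, x') = (x' > y)$. Since $\delta^1$ is
not equivalent to $\delta^0$, we go to the next iteration. We compute $\mathrm{forced}(\delta^1)$, for which the
only new case is

$$\mathrm{forced}(\delta^1)_{\ell_I k \ell_0}(\,, y, x') = \exists y', y'', x''' \cdot \rho^{\mathrm{push}}_{\ell_I k \ell_I k k}(\,, y, \,, y', y'') \wedge \delta^1_{\ell_I k \ell_1}(\,, y', x''') \wedge \delta^1_{\ell_1 k \ell_0}(x''', y'', x'),$$

which equals

$$\exists y', y'', x''' \cdot (y < y' \wedge y'' = y) \wedge (x''' > y') \wedge (x''' = y'' \wedge x' < y'').$$

The latter is equivalent to $\exists y' \cdot y < y' \wedge y > y' \wedge x' < y$, which is clearly unsatisfiable.
Therefore $\delta^2$ is equivalent to $\delta^1$, and the algorithm stops. It is immediate to check that
$\mathcal{B} = (\Gamma,\ Q = \{\ell_I\} \cup \{\ell_0, \ell_1\} \times \mathbb{Q},\ F = \{\ell_0\} \times \mathbb{Q},\ \delta^1)$ recognizes precisely $\mathrm{Reach}^{-1}_{\mathcal{P}}(N)$, where
$N = \mathcal{L}_{\mathcal{P}}(\mathcal{A})$.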
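
As an added illustration (not code from the paper), the following Python sketch runs the saturation loop on Example 5 over total order atoms. Instead of manipulating formulas it stores each FO-definable set as the finite set of orbits it contains, which is an assumption of this sketch that works for (Q, <) because the orbit of a tuple is exactly its order pattern; the names pattern, define, forced, saturate and the labels lI, l0, l1 are chosen here.

```python
from itertools import product

def pattern(t):
    """Orbit of a tuple over (Q, <): the dense ranks of its entries."""
    rank = {v: i for i, v in enumerate(sorted(set(t)))}
    return tuple(rank[v] for v in t)

def define(n, pred):
    """Orbits of Q^n whose tuples satisfy pred (pred may only use <, >, ==)."""
    reps = {pattern(t) for t in product(range(n), repeat=n)}
    return {p for p in reps if pred(*p)}

def forced(alpha, push, locs, dim):
    """Symbolic forced(alpha): for a push rule (l, k, l2, k1, k2) and alpha-transitions
    (l2, k1, l3) and (l3, k2, lp), project the joint constraint onto (x, y, x')."""
    out = {}
    for (l, k, l2, k1, k2), rule in push.items():
        for l3, lp in product(locs, repeat=2):
            first, second = alpha.get((l2, k1, l3)), alpha.get((l3, k2, lp))
            if not first or not second:
                continue
            widths = [dim[v] for v in (l, k, l2, k1, k2, l3, lp)]
            n = sum(widths)
            # Every orbit of Q^n has a representative in {0..n-1}^n.
            for t in product(range(n), repeat=n):
                parts, i = [], 0
                for w in widths:
                    parts.append(t[i:i + w])
                    i += w
                x, y, x2, y1, y2, x3, xp = parts
                if (pattern(x + y + x2 + y1 + y2) in rule
                        and pattern(x2 + y1 + x3) in first
                        and pattern(x3 + y2 + xp) in second):
                    # Existential quantification is projection onto (x, y, x').
                    out.setdefault((l, k, lp), set()).add(pattern(x + y + xp))
    return out

def saturate(delta, push, pop, locs, dim):
    """Saturation loop; returns delta' containing delta."""
    cur = {key: set(v) for key, v in delta.items()}
    for key, v in pop.items():                      # step (0): add the pop rules
        cur.setdefault(key, set()).update(v)
    while True:
        new = forced(cur, push, locs, dim)
        if all(v <= cur.get(key, set()) for key, v in new.items()):  # step (3)
            return cur
        for key, v in new.items():                  # step (2)
            cur.setdefault(key, set()).update(v)

# Example 5, with lI, l0, l1 standing for the three control locations.
DIM = {"lI": 0, "l0": 1, "l1": 1, "k": 1}   # number of registers per index
LOCS = ["lI", "l0", "l1"]
PUSH = {("lI", "k", "lI", "k", "k"): define(3, lambda y, y1, y2: y < y1 and y2 == y)}
POP = {}
DELTA = {
    ("lI", "k", "l0"): define(2, lambda y, xp: xp < y),
    ("l0", "k", "l1"): define(3, lambda x, y, xp: x == y and xp > y),
    ("l1", "k", "l0"): define(3, lambda x, y, xp: x == y and xp < y),
}

def example5():
    return saturate(DELTA, PUSH, POP, LOCS, DIM)

if __name__ == "__main__":
    for key, orbs in sorted(example5().items()):
        print(key, sorted(orbs))
```

The saturated relation contains the three original transitions plus one new entry from lI to l1 with order pattern (0, 1), i.e. x' > y, matching the hand computation above.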


Preservation of regularity II: Homogeneous atoms 

Relational homogeneous structures are a well-behaved subclass of oligomorphic structures, 
for which we are able to give precise complexity upper bounds for our saturation construction. 
A relational structure A (i.e., with no function symbols in the vocabulary) is homogeneous if 
every isomorphism between two finite induced substructures^ of A extends to an automorphism
of the whole A. This immediately implies that A is oligomorphic. 

► Proposition 1. Let A be a relational homogeneous structure. For $n \geq 1$, the number of
orbits of $A^n$ is bounded by $2^{\mathrm{poly}(n)}$.

Proof. A tuple of n elements $(a_1, \ldots, a_n) \in A^n$ can be seen as an induced substructure of
A, where elements are additionally labelled with the positions $\{1, \ldots, n\}$. Two such induced
substructures $\bar{a}, \bar{b} \in A^n$ are isomorphic exactly when the elements $\bar{a}$ and $\bar{b}$ satisfy the same
relations in the vocabulary of A. Therefore, the number of isomorphism classes is bounded
by $2^{\mathrm{poly}(n)}$. Since A is homogeneous, every isomorphism between $\bar{a}$ and $\bar{b}$ extends to an
automorphism of the whole A, and thus $\bar{a}$ and $\bar{b}$ are in the same orbit. Consequently, the
same bound applies to the number of orbits of $A^n$. ◄

All structures listed in the introduction are homogeneous relational structures. However, not 
all oligomorphic relational structures are homogeneous as the example below shows. 

^ An induced substructure is a structure obtained by restricting the universe to a subset of atoms.

► Example 6 (Bit vector atoms). Let a bit vector be any infinite sequence of zeros and
ones with only finitely many ones. A bit vector can be represented by a finite sequence, by
cutting off the infinite zero suffix. Consider the relational structure $\mathcal{V} = (V, 0, +)$, consisting
of the set V of all bit vectors, together with a unary predicate $0(\_)$ that distinguishes
the zero vector, and the ternary relation $\_ + \_ = \_$ that describes point-wise addition
modulo 2. Automorphisms of $\mathcal{V}$ are precisely linear mappings, i.e., bijections f s.t. $f(0) = 0$
and $f(u + v) = f(u) + f(v)$. The orbit of a tuple $(v_1, \ldots, v_n) \in V^n$ is determined by its
addition type, i.e., by the set of all equalities of the form $v_{i_1} + \ldots + v_{i_k} = 0$ satisfied by
$(v_1, \ldots, v_n)$. Indeed, for two tuples $(u_1, \ldots, u_n), (v_1, \ldots, v_n) \in V^n$ having the same addition
type, consider the partial bijection f defined as $f(u_1) = v_1, \ldots, f(u_n) = v_n$. By using the
Steinitz exchange lemma, the function f can be extended to a linear mapping on the whole
V, and thus $(u_1, \ldots, u_n)$ and $(v_1, \ldots, v_n)$ are in the same orbit. Therefore, the number of
orbits of is finite. On the other hand, $\mathcal{V}$ is not homogeneous. For instance, the two
induced substructures X = {1000, 0100, 0010, 0001} and Y = {1000, 0100, 0010, 1110} are
isomorphic. Define, e.g., f(0001) = 1110, and f(x) = x if x ≠ 0001. The reason why f
is an isomorphism is that f needs to respect $\_ + \_ = \_$ only inside its domain, and any
combination of two vectors from X falls outside of X. However, the isomorphism f does not
extend to an automorphism of $\mathcal{V}$, since vectors in Y are not independent^.

It is worth mentioning that, while some atom structures are not homogeneous, sometimes
adding extra relational symbols (thus restricting the notion of isomorphic substructure) can
make them homogeneous; cf. the example of universal tree order atoms from Sec. where
adding one extra relational symbol turns a non-homogeneous structure into a homogeneous
one.

Fix a homogeneous relational structure A. We give a precise upper bound for
the complexity of the concrete saturation procedure from Fig. and, thus, for reachability.
This depends on the complexity of the induced substructure problem for A. The (finite)
induced substructure problem for A asks whether a given finite structure A over the same
vocabulary is an induced substructure of A. This amounts to finding an isomorphism mapping
elements from A into atoms A s.t. all relations from the vocabulary are preserved. Assume
that the induced substructure problem for A is decidable in time T(k), where k is the size
of the input. The complexity estimations below are always understood with respect to the
sizes of the representing formulas. Let the width of a formula be the number of its variables.
Let n be the width of an input automaton, defined as the greatest width of the formulas
appearing in its definition, and let m be its size, defined as the sum of sizes of the defining
formulas. By T-relative pseudo-polynomial time complexity we mean the time complexity

$$2^{\mathrm{poly}(n)} \cdot \mathrm{poly}(m) \cdot T(\mathrm{poly}(n)),$$

i.e., exponential in the width n but polynomial in the size m. Note that this is relative to
the complexity T of the induced substructure problem.

► Theorem 7. Let A be a homogeneous structure with induced substructure problem decidable
in time T(k). For FO-definable PDS $\mathcal{P}$ over A and an FO-definable NFA $\mathcal{A}$ recognizing a
regular set of configurations $\mathcal{L}_{\mathcal{P}}(\mathcal{A})$, one can construct in T-relative pseudo-polynomial time
an FO-definable NFA $\mathcal{B}$ recognizing $\mathcal{L}_{\mathcal{P}}(\mathcal{B}) = \mathrm{Reach}^{-1}_{\mathcal{P}}(\mathcal{L}_{\mathcal{P}}(\mathcal{A}))$.

As a consequence, reachability in FO-definable PDS over A is decidable in T-relative
pseudo-polynomial time.

^ The notion of homogeneity can be extended to structures with relations and functions, but one must
consider finitely-generated induced substructures of A instead of finite ones. Note that $\mathcal{V}$ becomes
homogeneous if + is considered as a binary function, instead of a relation. The reason is that, in the
presence of the functional symbol +, the homogeneity condition for $\mathcal{V}$ quantifies over finite induced
substructures that are closed w.r.t. +, unlike the substructures in our example.

© Lorenzo Clemente and Slawomir Lasota;
licensed under Creative Commons License CC-BY
Leibniz International Proceedings in Informatics
LIPIcs Schloss Dagstuhl — Leibniz-Zentrum für Informatik, Dagstuhl Publishing, Germany

Proof. Fix a homogeneous relational structure A, and suppose that its induced substructure
problem is decidable in time T(k). We show that the concrete saturation algorithm from
Fig. terminates in T-relative pseudo-polynomial time. We use quantifier-free formulas over
the vocabulary of A in legal disjunctive normal form, to be defined below. A positive literal
is a predicate of the form $r(x_1, \ldots, x_k)$, where $x_1, \ldots, x_k$ are variables, and r is a relational
symbol in the vocabulary of A. A negative literal is the negation $\neg r(x_1, \ldots, x_k)$ of a positive
literal, and a literal is either a positive or a negative literal. We treat equality in the same
way as other relations of A, thus there are also equality and inequality literals. A clause is a
conjunction of pairwise different literals. A clause $\varphi$ is complete if, for every positive literal
$l$ over the variables of $\varphi$, either $l$ or its negation appears in $\varphi$, but not both. A complete
clause $\varphi$ is consistent if

- the equality literals define an equivalence over the variables of $\varphi$, and
- the literals of $\varphi$ are invariant under this equivalence relation, i.e., replacing variables
  appearing in a literal of $\varphi$ with equivalent ones yields a literal that also appears in $\varphi$.

A consistent clause $\varphi$ gives rise to a finite structure $A_\varphi$ over the same vocabulary as A, whose
elements are equivalence classes of variables, and where a relation $r([x_1], \ldots, [x_k])$ holds if,
and only if, $r(x_1, \ldots, x_k)$ appears in $\varphi$ (the choice of representative variables is irrelevant
since $\varphi$ is consistent). Thus, valuations satisfying $\varphi$ are in one-to-one correspondence with
embeddings of $A_\varphi$ into A, by which we mean injective homomorphisms that both preserve and
reflect relations. A consistent clause $\varphi$ is legal if, and only if, the structure $A_\varphi$ is isomorphic
to an induced substructure of A, i.e., if there exists an embedding of $A_\varphi$ into A, written
$A_\varphi \subseteq A$. Thus, a clause $\varphi$ is legal if, and only if, it is satisfiable.

► Proposition 2. Legality of a complete clause of size m is decidable in time poly(m) + T(m).

We consider two clauses to be equal when they contain the same literals. A formula is in legal
disjunctive normal form (ldnf) if it is a disjunction of pairwise different legal clauses over the
same variables. We use the convention that the empty clause and the empty ldnf represent,
respectively, true and false. For two formulas $\varphi$ and $\psi$ with the same free variables, we say
that they are equivalent, written $\varphi \equiv \psi$, when $[\varphi] = [\psi]$, i.e., when they define the same set
of tuples.

► Proposition 3. A quantifier-free formula $\varphi$ can be transformed into an equivalent formula
$\psi$ in ldnf in $T$-relative pseudo-polynomial time.

Proof. Enumerate exhaustively all complete clauses over the variables of $\varphi$, and keep only
those clauses $\{\psi_i\}_i$ which are legal (which is efficiently checkable by Proposition]^), and that
satisfy $\varphi$ (computable in time polynomial in the size of $\varphi$). Take $\psi = \bigvee_i \psi_i$. Clearly, $\varphi \equiv \psi$.
The time complexity claim follows since the number of complete clauses is exponential in the
number of variables, but independent from the size of $\varphi$. ◄

For homogeneous structures, the previous claim can be strengthened to first-order formulas.
Essentially, this follows from the fact that, in a homogeneous structure, existential
quantification can always be resolved positively.

► Proposition 4. A first-order formula $\varphi$ can be transformed to an equivalent formula $\psi$ in
ldnf in $T$-relative pseudo-polynomial time.

Proof. As the first step, transform the input formula into prenex normal form. Then,
transform the quantifier-free subformula into an equivalent ldnf, using Proposition]^. Finally,
eliminate the quantifiers in sequence, starting from the innermost one, keeping the
quantifier-free subformula in ldnf. Elimination of one existential quantifier is done as follows. First,
distribute it over the disjunction of clauses,

$\varphi \equiv \exists x \cdot \psi_1 \vee \ldots \vee \psi_n \equiv \exists x \cdot \psi_1 \vee \ldots \vee \exists x \cdot \psi_n$

and then replace every disjunct $\exists x \cdot \psi_i$ with the clause $\psi'_i$ obtained from $\psi_i$ by removing
those literals that contain $x$. We claim that, after elimination of duplicates,

$\varphi \equiv \psi'_1 \vee \ldots \vee \psi'_n$,

where the right-hand side is in ldnf. To this end, we show that each $\psi'_i$ is legal, and that
$\exists x \cdot \psi_i \equiv \psi'_i$. Let $\mathbb{A}_{\psi'_i}$ and $\mathbb{A}_{\psi_i}$ be the two substructures of $\mathbb{A}$ defined by the two clauses.
Clearly, $\mathbb{A}_{\psi'_i} \sqsubseteq \mathbb{A}_{\psi_i} \sqsubseteq \mathbb{A}$, which immediately implies legality of $\psi'_i$ by transitivity. The
left-to-right inclusion $[\exists x \cdot \psi_i] \subseteq [\psi'_i]$ of the equivalence between $\exists x \cdot \psi_i$ and $\psi'_i$ is immediate,
since $\exists x \cdot \psi_i$ is more discriminating. For the other inclusion $[\psi'_i] \subseteq [\exists x \cdot \psi_i]$, let $a' \in [\psi'_i]$. Let
$f_{a'}$ be the natural embedding of $\mathbb{A}_{\psi'_i}$ into $\mathbb{A}$ mapping each equivalence class of variables in
$\mathbb{A}_{\psi'_i}$ to the corresponding element in $a'$. Similarly, since $\mathbb{A}_{\psi_i} \sqsubseteq \mathbb{A}$, there exists a tuple $ab$
and an embedding $g_{ab}$ of $\mathbb{A}_{\psi_i}$ into $\mathbb{A}$, where $g_{ab}([x]) = b$. The substructure induced by $a$ is
isomorphic to that induced by $a'$. Let $h$ be such an isomorphism. Since $\mathbb{A}$ is homogeneous,
$h$ extends to a full automorphism of $\mathbb{A}$. Define $b' = h(b)$. Then, $a'b' \in [\psi_i]$, and thus
$a' \in [\exists x \cdot \psi_i]$.

The universal quantifier is handled with the equivalence $\forall x \cdot \varphi \equiv \neg\exists x \cdot \neg\varphi$: First we
replace $\neg\varphi$ by an equivalent formula in ldnf $\psi$ by applying Proposition!^. Then, we apply the
procedure above to remove the existential quantifier in $\exists x \cdot \psi$, and we thus obtain another
formula $\psi'$ in ldnf s.t. $\exists x \cdot \neg\varphi \equiv \psi'$. Finally, a further application of Proposition to $\neg\psi'$
yields a formula $\psi''$ in ldnf s.t. $\psi'' \equiv \neg\exists x \cdot \neg\varphi$. ◄
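
The procedures of Propositions 3 and 4, instantiated for total order atoms $(\mathbb{Q}, <)$, as an added example (not code from the paper). The clause representation (the set of positive literals that hold) and the names `is_legal`, `to_ldnf` and `eliminate_exists` are assumptions of this sketch; the legality test hard-codes the induced substructure check for $(\mathbb{Q}, <)$, namely that $<$ is a strict total order on the equivalence classes.

```python
from itertools import product

RELS = ("=", "<")  # vocabulary of total order atoms (Q, <), with equality

def is_legal(c, vs):
    """c: the positive literals (rel, x, y) that hold; all other literals over vs are negated."""
    eq = lambda x, y: ("=", x, y) in c
    lt = lambda x, y: ("<", x, y) in c
    if not all(eq(x, x) for x in vs):          # equality must be reflexive
        return False
    trip = [(x, y, z) for x in vs for y in vs for z in vs]
    # Consistency: the equality literals form an equivalence ...
    if any(eq(x, y) and not eq(y, x) for x in vs for y in vs):
        return False
    if any(eq(x, y) and eq(y, z) and not eq(x, z) for x, y, z in trip):
        return False
    # ... and the < literals are invariant under replacing equivalent variables.
    if any(eq(x, y) and (lt(x, z) != lt(y, z) or lt(z, x) != lt(z, y)) for x, y, z in trip):
        return False
    # Legality = induced substructure check: < is a strict total order on the classes.
    if any(lt(x, x) for x in vs):
        return False
    if any(not eq(x, y) and lt(x, y) == lt(y, x) for x in vs for y in vs):
        return False
    return not any(lt(x, y) and lt(y, z) and not lt(x, z) for x, y, z in trip)

def to_ldnf(phi, vs):
    """Proposition 3: the legal complete clauses over vs that satisfy quantifier-free phi.
    phi takes a function holds(rel, x, y) giving the truth value of an atom."""
    lits = [(r, x, y) for r in RELS for x in vs for y in vs]
    out = set()
    for bits in product((False, True), repeat=len(lits)):   # all complete clauses
        c = frozenset(l for l, b in zip(lits, bits) if b)
        if is_legal(c, vs) and phi(lambda r, x, y: (r, x, y) in c):
            out.add(c)
    return out

def eliminate_exists(ldnf, x):
    """Proposition 4: drop the literals that contain x from every clause; the set removes duplicates."""
    return {frozenset(l for l in c if x not in l[1:]) for c in ldnf}

def demo():
    # exists y. x < y and y < z, versus the quantifier-free formula x < z
    between = lambda h: h("<", "x", "y") and h("<", "y", "z")
    lhs = eliminate_exists(to_ldnf(between, ["x", "y", "z"]), "y")
    rhs = to_ldnf(lambda h: h("<", "x", "z"), ["x", "z"])
    return lhs, rhs

if __name__ == "__main__":
    lhs, rhs = demo()
    print(sorted(sorted(c) for c in lhs), lhs == rhs)
```

The enumeration is exponential in the number of variables but independent of the size of the formula, which is the cost profile stated in the proof of Proposition 3.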

By repeatedly using Proposition]^ we can implement the saturation algorithm in $T$-relative
pseudo-polynomial time: First, transform all the formulas defining states and transitions of
the input automata $\mathcal{P}$ and $\mathcal{A}$ into ldnf. Then, in every iteration, the formula $\mathrm{forced}(\delta')$ is
also transformed into ldnf. Step (2) is implemented by computing the union of clauses, and
the implication in step (3) reduces to the inclusion of the sets of clauses of $\mathrm{forced}(\delta')$ into
those of $\delta'$. Thus, one iteration of the algorithm requires relative pseudo-polynomial time.
The total number of iterations is bounded by the number of orbits of the set $Q \times \Gamma \times Q$,
since in every iteration at least one orbit is added to $\delta'$. By Proposition]^ the number of
orbits is bounded by $2^{\mathrm{poly}(n)}$, where $n$ is the dimension of $Q \times \Gamma \times Q$. Therefore, the concrete
saturation algorithm runs in $T$-relative pseudo-polynomial time for homogeneous atoms. ◄

As a consequence of Theorem ]^ under a bound on the width of input automata, the
PDS reachability problem is in PTime, independently of the complexity $T(k)$ of the induced
substructure problem. Moreover, the proof of Theorem ]^ reveals that the polynomial above
does not depend on the bound on width.*

► Corollary 8. The PDS reachability problem is fixed-parameter PTime, with the width of
the input automaton as the parameter.

In Theorem]^ we have shown that the complexity of the saturation procedure/reachability
can be upper-bounded once we have a bound on the complexity of the induced substructure
problem. We show below that, depending on the homogeneous structure, the latter problem
(and thus reachability) can be of arbitrarily high complexity, or even undecidable. Therefore,
the bound on the time complexity of the induced substructure problem in Theorem 7 is a
necessary assumption.

* We are grateful to Mikołaj Bojańczyk for noticing this fact.
► Theorem 9. Let $X \subseteq \mathbb{N}$ be a set of natural numbers. There exists a homogeneous structure
$\mathbb{A}_X$ s.t. membership in $X$ is many-one reducible to the induced substructure problem for $\mathbb{A}_X$.

Proof. Let $X \subseteq \mathbb{N}$ be an arbitrary set of natural numbers. Intuitively, we effectively encode
the set of natural numbers in an infinite antichain of finite tournaments, and we construct a
homogeneous structure $\mathbb{A}_X$ s.t., for every natural number $n \in \mathbb{N}$, $n \in X$ if, and only if, the
encoding of $n$ is an induced substructure of $\mathbb{A}_X$. We use the instantiation of the embedding
partial order $\sqsubseteq$ to finite directed graphs: $G \sqsubseteq H$ if $G$ is isomorphic to an induced subgraph
of $H$. A tournament is a directed graph $T = (V, E)$ s.t., for every pair of vertices $x, y \in V$,
either $(x, y) \in E$, or $(y, x) \in E$, but not both. It is known that there exists a countably
infinite $\sqsubseteq$-antichain $\mathcal{T}$ of finite tournaments [21]. Let $f$ be an efficiently computable bijective
mapping between natural numbers and tournaments in the antichain $\mathcal{T}$. Let $\mathcal{T}_X$ be those
finite tournaments $T$ in $\mathcal{T}$ with $T = f(n)$ for some $n \in X$. The construction of $\mathbb{A}_X$ uses the
following result.

► Proposition 5 ([24]; see also m). For every $\sqsubseteq$-upward-closed family $\mathcal{T}$ of finite tournaments,
there is a homogeneous directed graph $\mathbb{A}$ such that, for every finite tournament $T$, $T \sqsubseteq \mathbb{A}$
if, and only if, $T \in \mathcal{T}$.

Let $\mathbb{A}_X$ be the homogeneous directed graph obtained by applying the proposition above to
the upward closure of the antichain $\mathcal{T}_X$. Then, for a natural number $n \in \mathbb{N}$, we have $n \in X$
if, and only if, the finite tournament $f(n)$ is in $\mathcal{T}_X$, which is the same as $f(n)$ being in the
upward-closure of $\mathcal{T}_X$, since $f(n)$ is by construction in the antichain $\mathcal{T}$. By the proposition
above, the latter property is equivalent to asking whether $f(n) \sqsubseteq \mathbb{A}_X$. Therefore, we can reduce
membership in $X$ to the induced substructure problem in $\mathbb{A}_X$.


6 Examples of homogeneous structures

The purpose of this section is to provide concrete examples of homogeneous structures for
which we can efficiently solve the reachability problem of FO-definable PDS. Those are well
known in the model-theoretic community (cf. [24]), and we present them here in order to
show the wide applicability of our results. We also present a general technique, called wreath
product, which can be used to derive new homogeneous structures from known ones. Recall
that, by Theorem]^ if $T(k)$ is the time complexity of the induced substructure problem of
a homogeneous structure $\mathbb{A}$, then reachability of FO-definable PDS over $\mathbb{A}$ is decidable in
$T$-relative pseudo-polynomial time. When the former problem is in PTime, reachability can
be solved in ExpTime by the following corollary of Theorem]^

► Corollary 10. Let $\mathbb{A}$ be a homogeneous relational structure with a PTime induced substructure
problem. For FO-definable PDS $\mathcal{P}$ over $\mathbb{A}$ and an FO-definable NFA $\mathcal{A}$ recognizing a
regular set of configurations $L_{\mathcal{P}}(\mathcal{A})$, one can construct in ExpTime an FO-definable NFA
$\mathcal{B}$ recognizing $L_{\mathcal{P}}(\mathcal{B}) = \mathrm{Reach}^{-1}_{\mathcal{P}}(L_{\mathcal{P}}(\mathcal{A}))$. In particular, the FO-definable PDS reachability
problem over $\mathbb{A}$ is in ExpTime.

All the concrete examples that we provide in the sequel, and all infinitely many examples
that can be obtained by applying the wreath product, have a PTime induced substructure
problem, and thus reachability is in ExpTime.

Equality. Equality atoms $(D, =)$ consist of a countably-infinite set $D$ together with the
equality relation. Automorphisms are permutations of $D$. Homogeneity follows from the fact
that any finite partial bijection $D \to D$ can be extended to a permutation of the whole set $D$.
This is arguably the simplest homogeneous structure. The induced substructure problem is
in PTime, since it amounts to checking whether the interpretation of $=$ in a given finite structure
is the equality relation. By Corollary reachability for FO-definable PDS over equality
atoms is in ExpTime. This subsumes the result of m, which considers a special case of our
model where, among other restrictions, the input and stack alphabets are 1-dimensional, and
the transition relation is quantifier-free definable (instead of FO-definable). Additionally,
m shows that the problem is ExpTime-hard for equality atoms.

All the examples below generalize equality atoms by adding more relations to the 
vocabulary. We omit equality, which is assumed to always be in the vocabulary. 

Equivalence. Equivalence atoms $(D, R)$ consist of a countably-infinite set $D$ and an
infinite-index equivalence relation $R$ over $D$ s.t. each one of the infinitely-many equivalence classes
is itself an infinite subset of $D$. An automorphism of equivalence atoms is a bijection $f$
of $D$ which respects $R$, in the sense that, for every $x, y \in D$, $(x, y) \in R$ if, and only if,
$(f(x), f(y)) \in R$. Equivalence atoms are homogeneous. (We will see later that equivalence
atoms are isomorphic with the wreath product of equality atoms with itself.) This can model
hierarchically nested data, where one can check whether two elements belong to the same
equivalence class, and, if so, whether they actually are the same element. Higher nested
equivalence atoms can be obtained by iterating this process: 0-nested equivalence atoms are
just equality atoms; and for any $k \geq 0$, $(k + 1)$-nested equivalence atoms can be seen as the
disjoint union of infinitely many copies of $k$-nested equivalence atoms, with one additional
equivalence relation that relates a pair of elements iff they belong to the same copy.

Total, betweenness, and cyclic order. Total order atoms $(\mathbb{Q}, <)$ can be presented as the
rational numbers $\mathbb{Q}$ together with the natural total order $<$. Automorphisms are monotonic
bijections of rational numbers. Homogeneity follows from the fact that $<$ is dense: A
monotonic bijection $f : X \to Y$ over a finite domain $X$ extends to an automorphism of
$\mathbb{Q}$. The induced substructure problem is in PTime, since it amounts to checking whether the
interpretation of $<$ in a given finite structure is a total order. This can be used to model
qualitative time, where events are totally ordered, but no information is available on the
distance between them. Another instance is given by data-centric applications m.

Betweenness order atoms $(\mathbb{Q}, B)$ use the betweenness relation $B$, which is obtained by
considering the order $<$ up to reversal: $B(x, y, z)$ holds when $x$ lies between $y$ and $z$, i.e.,
either $y < x < z$ or $z < x < y$. This can be used to model time where one is not interested in
the order between the events themselves, but rather in whether an event happened between
two other events. Cyclic order atoms $(\mathbb{Q}, K)$ use the ternary cyclic ordering $K$ obtained by
bending the total order into a circle. Formally, $K(x, y, z)$ if either $x < y < z$, or $z < x < y$,
or $y < z < x$. This can model a notion of qualitative cyclic time, where events cyclically
repeat, but no precise timing information is available. For both betweenness and cyclic order
atoms, the induced substructure problem is in PTime.

Universal partial order and preorder. Every relational homogeneous structure is obtained
as the Fraïssé limit of the set of all its finite induced substructures [12]. (We do not formally
define here the notion of Fraïssé limit, which is a central tool for constructing homogeneous
structures; cf. m.) For instance, total order atoms are the Fraïssé limit of all finite total
orders. Partial order atoms are obtained as the Fraïssé limit of the set of all finite partial
orders. The induced substructure problem amounts to determining whether the interpretation
of $<$ in a given finite structure is a partial order, which can clearly be done in PTime. This
can be used to model the ordering of events in distributed systems. Along the same lines one
obtains preorder atoms.

Universal tree order. A tree order (or semilinear order) is a partially ordered structure
$(A, <)$ s.t. a) every two elements have a common upper bound, and b) for every element,
its upward closure is totally ordered. Tree order atoms $(T, <)$ are obtained as the Fraïssé
limit of the set of all finite tree orders. Intuitively, tree order atoms consist of a
countably-infinite tree order where each maximal path is isomorphic to total order atoms. Tree order
atoms as presented here are not homogeneous. Intuitively, this happens because isomorphic
substructures have least upper bounds outside the structures themselves, and they might
relate to those in an incomparable way. This can be amended by introducing the following
ternary relation: $R(x, y, z)$ holds when the lub of $x$ and $y$ is incomparable with $z$. Then,
$(T, <, R)$ is homogeneous, and it can be obtained as the Fraïssé limit of the set of all extended
finite tree orders $(A, <, R)$. The induced substructure problem is in PTime for $(T, <, R)$.

Universal graph and tournament. Universal graph atoms are obtained as the Fraïssé limit
of the set of all finite graphs. This is also known as Rado’s graph or the random graph. The
induced substructure problem is trivial since the universal graph contains an isomorphic copy
of every finite graph. Similarly, universal tournament atoms are the Fraïssé limit of the set of
all finite tournaments, where a tournament is an irreflexive graph $T = (V, E)$ s.t., for every
two nodes $x, y \in V$, either $(x, y) \in E$, or $(y, x) \in E$. Given a graph, it is clearly checkable
in PTime whether it is actually a tournament, thus the induced substructure problem is in
PTime also in this case.

Wreath products. We conclude this section by giving a construction which allows one to
compose homogeneous structures in order to produce new ones. Given two relational
structures $\mathbb{A} = (A, R_1, \ldots, R_m)$ and $\mathbb{B} = (B, S_1, \ldots, S_n)$, their wreath product is the relational
structure $\mathbb{A} \otimes \mathbb{B} = (A \times B, R'_1, \ldots, R'_m, S'_1, \ldots, S'_n)$, where $((a_1, b_1), \ldots, (a_k, b_k)) \in R'_i$ if
$(a_1, \ldots, a_k) \in R_i$, and $((a_1, b_1), \ldots, (a_k, b_k)) \in S'_j$ if $a_1 = \cdots = a_k$ and $(b_1, \ldots, b_k) \in S_j$.
Intuitively, $\mathbb{A} \otimes \mathbb{B}$ is obtained by replacing each element in $\mathbb{A}$ with a disjoint copy of $\mathbb{B}$. It
can be checked that, if the two structures $\mathbb{A}$ and $\mathbb{B}$ are homogeneous, then the same holds for
their wreath product $\mathbb{A} \otimes \mathbb{B}$. The induced substructure problem for $\mathbb{A} \otimes \mathbb{B}$ reduces in PTime
to the same problem for $\mathbb{A}$ and $\mathbb{B}$: $\{(a_1, b_1), \ldots, (a_k, b_k)\}$ is an induced substructure of $\mathbb{A} \otimes \mathbb{B}$
if, and only if, $\{a_1, \ldots, a_k\}$ is an induced substructure of $\mathbb{A}$, and for every $i$, $\{b_j \mid a_j = a_i\}$ is
an induced substructure of $\mathbb{B}$. Therefore, if both $\mathbb{A}$ and $\mathbb{B}$ have a PTime induced substructure
problem, then the same holds for $\mathbb{A} \otimes \mathbb{B}$, and Corollary 10 applies.

As an application of the wreath product, take $\mathbb{A}_0 = (D, =)$ to be equality atoms, and, for
each $k \geq 0$, let $\mathbb{A}_{k+1} = \mathbb{A}_0 \otimes \mathbb{A}_k$. Then, $\mathbb{A}_1$ is just the equivalence atoms presented before,
and, more generally, $\mathbb{A}_k = (D, R_1, \ldots, R_k)$ is $k$-nested equivalence atoms, which can be used
to model data with nested equivalence relations. For each of those infinitely many examples,
the reachability problem for FO-definable PDS is in ExpTime.

7 Conclusions

We have studied the reachability problem for a model of PDS with countably-infinite
FO-definable states, stack alphabet, and transition relation. We advocate an Ockham’s razor
research strategy that refrains from inventing seemingly new notions. Instead, we have taken
the standard definition of PDS and re-interpreted it in the richer framework of FO-definable
sets instead of ordinary finite sets. This covers the well-known model of pushdown register
automata as one instantiation of the general paradigm, and we have shown that the
optimal ExpTime complexity for the reachability problem for this model can be recovered
in the more general framework. This same paradigm can of course be applied to a variety
of different models, like timed PDS [5], data/timed extensions of Petri nets 0 123], lossy
channel systems [D, 1-clock/1-register alternating automata [2211271 [TS], rewriting systems [5],
etc. Therefore, the present paper can be seen as a proof of concept of the new research
strategy. For example, one could consider FO-definable pushdown automata (PDA) and
FO-definable context-free grammars (CFG) as acceptors of languages over infinite alphabets.
The definition of FO-definable PDA is analogous to PDS, except that the transition relation
is an FO-definable subset of $Q \times \Gamma^* \times$ $\times Q \times \Gamma^*$, where $= A \cup \{\varepsilon\}$ is an FO-definable
alphabet extended with the empty word. Similarly, FO-definable CFG can be defined
as stateless FO-definable PDA where every transition pops exactly one symbol from the
stack. It is easy to prove that FO-definable PDA languages coincide with FO-definable
context-free languages for oligomorphic atoms |S], and that the latter are closed under
union, concatenation, Kleene star, homomorphism, inverse homomorphism, intersection with
FO-definable regular languages, and that collapsing each orbit to a different symbol yields a
classical context-free language.